Experts like Michael Kaiser and Phil Reitinger have dedicated their careers to warning the world about online threats from bad security. The National Cyber Security Alliance, where Kaiser serves as executive director, helped create the awareness campaign in 2004, but nothing has been more effective than the hacks of 2017 at making security a household word.

Now playing:Watch this:
Worst hacks of the year

3:24

After being largely ignored for years, cybersecurity has shouted and shoved its way into the national conversation, thanks to significant attacks that affected personal finances, home devices and the political scene. Researchers saw the writing on the wall for years but often had a difficult time getting the public to listen to their warnings.

"It was my job to be responsible for things like raising awareness of cybersecurity risk," said Reitinger, CEO of the Global Cyber Alliance and a former cybersecurity director at the Department of Homeland Security. "And I have abjectly failed over the last 20 years, as has everyone else in the industry."

It's a problem in other areas, too: We regularly hear about wildfires, but we don't talk much about fire prevention. And wow, were there some security infernos in 2017. At least once a month came revelations of a major hack, breach or security flaw. Here's a list of all the heavy hitters.

The US government has also put cybersecurity in the spotlight, after the Trump administration called it a national defense priority on December 18.

Security experts now have a rare moment when there's awareness in spades. Here's how we arrived at this point.

Hitting home

Massive data breaches have happened before, striking businesses such as Target, Whole Foods and various hotel chains. But none has had the lasting effect of the Equifax breach.

The credit-monitoring company collected Social Security numbers, credit histories, addresses, names and birth dates on Americans as part of its business. Then in September, it acknowledged that an attack had exposed the data of 145.5 million people.

At least in the Target and Whole Foods hacks, the victims had decided to go to the store, and they could choose to cancel the credit card they used. With Equifax, it's a different story.

"They had no choice that companies are taking their personal information and monetizing it," Sen. Catherine Cortez Masto, a Democrat from Nevada, said during a Nov. 8 hearing on Equifax and Yahoo. "They get stuck for the rest of their lives dealing with the results of a breach."

With most cyberattacks, the attention fades away after the news cycle moves on. But Equifax victims will be grappling with the damages for a long time. The exposed data has much more potential for harm than stolen passwords and credit card numbers.

Numbers game

The National Cyber Security Alliance's Kaiser has been warning about ransomware since 1989. But it wasn't until this year that the malware had a breakout moment and people started listening.

"To have this massive number in a very short period of time, those kinds of events wake people up to the fact that they could be victims," Kaiser said.

The scale of the attacks grabbed the public's attention. Yahoo gave the public 3 billion reasons to worry about security. The Equifax breach affected nearly half the US population.

"We've never seen impact on consumers bigger than this year," said Tyler Shields, vice president of strategy for security company Signal Science. "Pretty much everybody was affected. That's what brought security into the mainstream lexicon."

Now what?

Security advocates finally seem to have the public's attention, and the hope is that people -- including lawmakers -- will take their advice more seriously.

"We've got [the public's] attention, and now we've really got to go out there and help them step up their game," Kevin Haley, a director of security response at Symantec. "It's going to have to be people like us providing simple solutions. We're not going to turn every person into a security expert."

The security industry has an opportunity, but it can't drag its feet. Shields noted that every breach has a "decay period of awareness," meaning that eventually people will forget about it. Still, he said, "the awareness that comes out of these breaches, if we do it right, is very valuable."

Doing it right means explaining security concepts in a way that's easy to understand -- and getting people to actually adopt safe practices. Remember, Equifax was completely aware of its security flaws, but it didn't fix them. That's the challenging part. Making it happen could come through legislation, but that would be enforceable only with organizations.

The change won't happen all at once in 2018, or even in the next five years, Reitinger said. He actually thinks things will get worse over the next year, but that eventually, by the next decade, life should be better.

"The situation has gotten worse and the level of awareness has clearly gotten up," he said. "But it's not yet where it needs to be."